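<?php
declare(strict_types=1);

require_once 'config.php';

/*
 * Password reset, final step: the user sets a new password.
 *
 * Reads  : $_SESSION['reset_verified'] (gate set by an earlier step — presumably
 *          forgot_password.php; this file only reads and clears it),
 *          $_GET['token'] (the raw reset token from the emailed link),
 *          $_POST['password'], $_POST['confirm_password'], $_POST['csrf_token'].
 * Writes : users.password / reset_token_hash / reset_token_expires_at via $pdo
 *          (provided by config.php), $_SESSION['errors'] / ['success'].
 * Redirects to forgot_password.php, back to itself, or to login.php; the form
 * is only rendered on GET.
 */

// Gate: only a session that already passed the verification step may get here.
if (empty($_SESSION['reset_verified'])) {
    header('Location: forgot_password.php');
    exit;
}

// The URL of this page carries the reset token, so do not leak it through the
// Referer header of outbound links/assets rendered below.
header('Referrer-Policy: no-referrer');

// The token arrives in the query string (the self-redirects below rebuild
// ?token=...). The form has no action attribute, so a POST goes back to the
// same URL and the token is still available via $_GET.
// NOTE(review): $token was never assigned in the original version of this
// file, so hash('sha256', $token) hashed null and no row could ever match —
// confirm the link format against the one forgot_password.php emails out.
$token = isset($_GET['token']) && is_string($_GET['token']) ? $_GET['token'] : '';
$selfUrl = 'reset_password.php?token=' . urlencode($token);

// Per-session anti-CSRF secret for the form below: generated once, sent as a
// hidden field, compared in constant time on POST.
if (empty($_SESSION['reset_csrf_token'])) {
    $_SESSION['reset_csrf_token'] = bin2hex(random_bytes(32));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $postedCsrf = $_POST['csrf_token'] ?? '';
    if (!is_string($postedCsrf) || !hash_equals($_SESSION['reset_csrf_token'], $postedCsrf)) {
        $_SESSION['errors'] = ['请求无效，请重试'];
        header('Location: ' . $selfUrl);
        exit;
    }

    // password[]=x would turn these into arrays and crash the length check;
    // anything that is not a string is treated as empty and rejected below.
    $password = $_POST['password'] ?? '';
    $confirmPassword = $_POST['confirm_password'] ?? '';
    if (!is_string($password)) {
        $password = '';
    }
    if (!is_string($confirmPassword)) {
        $confirmPassword = '';
    }

    // Validate the new password.
    if ($password !== $confirmPassword) {
        $_SESSION['errors'] = ['两次输入的密码不一致'];
        header('Location: ' . $selfUrl);
        exit;
    }

    // Count characters, not bytes, so the rule matches the minlength="8"
    // enforced by the browser (a 3-character CJK password is 9 bytes).
    // Caveat: bcrypt (PASSWORD_DEFAULT) only uses the first 72 bytes.
    if (mb_strlen($password) < 8) {
        $_SESSION['errors'] = ['密码长度至少8位'];
        header('Location: ' . $selfUrl);
        exit;
    }

    // Validate the token: only its SHA-256 is stored, so a DB read alone does
    // not yield usable reset links. Expiry is checked in the query.
    $tokenHash = hash('sha256', $token);
    $stmt = $pdo->prepare('SELECT id FROM users
                           WHERE reset_token_hash = ?
                           AND reset_token_expires_at > NOW()');
    $stmt->execute([$tokenHash]);
    $user = $stmt->fetch();

    if ($user) {
        // Store the new hash and burn the token in the same statement so the
        // link is single-use.
        $hash = password_hash($password, PASSWORD_DEFAULT);
        $updateStmt = $pdo->prepare('UPDATE users
                                     SET password = ?,
                                         reset_token_hash = NULL,
                                         reset_token_expires_at = NULL
                                     WHERE id = ?');
        $updateStmt->execute([$hash, $user['id']]);

        // Clear the reset state *before* redirecting — in the original this
        // cleanup sat after the if/else whose branches all exit, so it never
        // ran and the verified flag outlived the reset.
        unset($_SESSION['reset_user'], $_SESSION['reset_verified'], $_SESSION['reset_csrf_token']);
        // Fresh session id after a credential change (fixation hygiene).
        session_regenerate_id(true);

        $_SESSION['success'] = '密码已重置，请重新登录';
        header('Location: login.php');
        exit;
    }

    // Invalid or expired token: the user has to start over, so the verified
    // flag from the previous step is dropped as well.
    unset($_SESSION['reset_user'], $_SESSION['reset_verified'], $_SESSION['reset_csrf_token']);
    $_SESSION['errors'] = ['无效或过期的重置链接'];
    header('Location: forgot_password.php');
    exit;
}

// GET: render the reset form.
include 'includes/header.php';
?>

<div class="row justify-content-center mt-5">
    <div class="col-md-6">
        <div class="card">
            <div class="card-body">
                <h2 class="card-title text-center">设置新密码</h2>
                <?php show_alerts(); ?>
                <!-- No action attribute: posts back to this URL, token included. -->
                <form method="post">
                    <input type="hidden"
                           name="csrf_token"
                           value="<?= htmlspecialchars($_SESSION['reset_csrf_token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
                    <div class="mb-3">
                        <label for="password" class="form-label">新密码</label>
                        <input type="password"
                               class="form-control"
                               id="password"
                               name="password"
                               required
                               minlength="8"
                               autocomplete="new-password">
                    </div>
                    <div class="mb-3">
                        <label for="confirm_password" class="form-label">确认密码</label>
                        <input type="password"
                               class="form-control"
                               id="confirm_password"
                               name="confirm_password"
                               required
                               minlength="8"
                               autocomplete="new-password">
                    </div>
                    <button type="submit" class="btn btn-primary w-100">提交新密码</button>
                </form>
            </div>
        </div>
    </div>
</div>

<?php include 'includes/footer.php'; ?>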